1 minute read
Save the modified .inf file as Netfw.inf
Using the Windows Firewall .Inf File in Microsoft® Windows® XP Service Pack 2 6
Method 2: Post-Installation 1. Copy the default Windows Firewall .inf file (Netfw.inf) from an installation of Windows XP SP2.
Advertisement
2. Make the desired modifications to the .inf file. Directions for modifying the .inf file are provided in the "Configuration Options Provided in the Windows Firewall .Inf File" section of this article.
3. Save the modified .inf file as Netfw.inf.
4. Replace the default Netfw.inf with the modified Netfw.inf in the installation of Windows XP SP2.
5. Run the netsh firewall reset command on the computer running Windows XP SP2. You can do this manually by typing the command at a command prompt or by including the command in a run-once script.
Default Windows Firewall .Inf File
The default contents of the Netfw.inf file are the following:
[Version] Signature = "$Windows NT$" DriverVer =07/01/2001,5.1.2600.2132
[DefaultInstall] AddReg = ICF.AddReg.DomainProfile AddReg = ICF.AddReg.StandardProfile
[ICF.AddReg.DomainProfile] HKLM,"SYSTEM\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolic y\DomainProfile\AuthorizedApplications\List","%WINDIR%\system32\sessmgr.exe", 0x00000000,"%WINDIR%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll.-22019"
[ICF.AddReg.StandardProfile] HKLM,"SYSTEM\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolic y\StandardProfile\AuthorizedApplications\List","%WI NDIR%\system32\sessmgr.exe ",0x00000000,"%WINDIR%\system32\sessmgr.exe:*:enabl ed:@xpsp2res.dll.-22019"
The first two sections of Netfw.inf contain versioning and configuration information, and do not need to be modified. The sections that are significant for modifying the default configuration for Windows Firewall are the following:
• [ICF.AddReg.DomainProfile] – Windows Firewall maintains two sets of configuration known as profiles. One profile is used when a computer is connected to the domain to which it is joined, while the other profile is used when the computer is not connected to its domain. This section is for defining changes to Windows Firewall’s default configuration when a computer is connected to a network that contains its domain.
[ICF.AddReg.StandardProfile] – This section is for defining changes to Windows Firewall’s default configuration when a computer is not connected to a network that contains its domain. If a computer is not a member of a domain, then Windows Firewall will always enforce the configuration stored in the Standard Profile.
